From 4f67c6c0522959c60658bab920d782bb08672fc1 Mon Sep 17 00:00:00 2001 From: Chris Dodge Date: Sun, 10 Feb 2013 16:17:08 -0500 Subject: [PATCH] quick hack to give some protection from unauthorized users from making new courses. Make it so only is_staff people see the 'Create New Course' button. --- cms/djangoapps/contentstore/views.py | 7 ++++++- cms/templates/index.html | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/cms/djangoapps/contentstore/views.py b/cms/djangoapps/contentstore/views.py index 137e71b24a..87a2943773 100644 --- a/cms/djangoapps/contentstore/views.py +++ b/cms/djangoapps/contentstore/views.py @@ -122,7 +122,8 @@ def index(request): course.location.course, course.location.name])) for course in courses], - 'user': request.user + 'user': request.user, + 'disable_course_creation': settings.MITX_FEATURES.get('DISABLE_COURSE_CREATION', False) and not request.user.is_staff }) @@ -1259,6 +1260,10 @@ def edge(request): @login_required @expect_json def create_new_course(request): + + if settings.MITX_FEATURES.get('DISABLE_COURSE_CREATION', False) and not request.user.is_staff: + raise PermissionDenied() + # This logic is repeated in xmodule/modulestore/tests/factories.py # so if you change anything here, you need to also change it there. # TODO: write a test that creates two courses, one with the factory and diff --git a/cms/templates/index.html b/cms/templates/index.html index 92987babda..45c4edc176 100644 --- a/cms/templates/index.html +++ b/cms/templates/index.html @@ -37,7 +37,9 @@

My Courses

% if user.is_active: - New Course + % if not disable_course_creation: + New Course + %endif